GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: external-dns, fulcio, istio-operator, grype, nats-server, libssh2, prometheus-postgres-exporter, caddy, vault-csi-provider, flux-helm-controller, istio-pilot-discovery, sigstore-scaffolding, cortex, terragrunt, argo-cd, step, dgraph, kubernetes, node-problem-detector,....
7 AI Score
0.962 EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...
7 AI Score
0.0004 EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: regclient, grafana-rollout-operator, kubernetes-csi-driver-hostpath, kubernetes-ingress-defaultbackend, k8sgpt, external-dns, fulcio, istio-operator, kind, nats-server, s5cmd, spicedb, pulumi-language-dotnet, caddy, kubebuilder, vt-cli,...
6.5 AI Score
0.0004 EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: regclient, grafana-rollout-operator, kubernetes-csi-driver-hostpath, kubernetes-ingress-defaultbackend, k8sgpt, external-dns, fulcio, istio-operator, kind, nats-server, s5cmd, spicedb, pulumi-language-dotnet, caddy, kubebuilder, vt-cli,...
7.5 AI Score
Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...
6.5 AI Score
0.001 EPSS
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...
7.8 AI Score
0.001 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...
6.7 AI Score
0.0004 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...
7.5 AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: regclient, grafana-rollout-operator, kubernetes-csi-driver-hostpath, kubernetes-ingress-defaultbackend, k8sgpt, external-dns, fulcio, istio-operator, kind, nats-server, s5cmd, spicedb, pulumi-language-dotnet, caddy, kubebuilder, vt-cli,...
7.5 AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...
8.2 AI Score
0.002 EPSS
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, boring-registry, skaffold, flux-image-automation-controller, pulumi-language-dotnet, rclone, wolfictl, kubevela, cosign, actions-runner-controller, pulumi-kubernetes-operator, zarf, flux-kustomize-controller, terragrunt, argo-cd, slsa-verifier,...
7.5 AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...
7.5 AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: external-dns, fulcio, istio-operator, grype, nats-server, libssh2, prometheus-postgres-exporter, caddy, vault-csi-provider, flux-helm-controller, istio-pilot-discovery, sigstore-scaffolding, cortex, terragrunt, argo-cd, step, dgraph, kubernetes, node-problem-detector,....
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: regclient, grafana-rollout-operator, kubernetes-csi-driver-hostpath, kubernetes-ingress-defaultbackend, k8sgpt, external-dns, fulcio, istio-operator, kind, nats-server, s5cmd, spicedb, pulumi-language-dotnet, caddy, kubebuilder, vt-cli,...
6.5 AI Score
0.0004 EPSS
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....
6 AI Score
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3 AI Score
An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is...
7.7 AI Score
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without...
7 AI Score
Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code...
7.8 AI Score
Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minder's sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...
6.7 AI Score
Summary The next ruby code is vulnerable to denial of service due to the fact that the user-controlled data profiler_runs was not constrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...
7 AI Score
OpenAPI Generator Online - Arbitrary File Read/Delete
Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...
6.7 AI Score
A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content...
5.9 AI Score
INE Security Enables CISOs to Secure Board Support for Cybersecurity Training
By Cyber Newswire Cary, United States, 28th May 2024, CyberNewsWire This is a post from HackRead.com Read the original post: INE Security Enables CISOs to Secure Board Support for Cybersecurity...
7.2 AI Score
(RHSA-2024:3431) Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack...
6.9 AI Score
0.0004 EPSS
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria...
6.7 AI Score
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input. Mitigation Mitigation for this issue is either not available or the currently available options don't meet.....
6.4 AI Score
Lattice-Based Cryptosystems and Quantum Cryptanalysis
Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...
7.2 AI Score
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8 AI Score
Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API...
6.6 AI Score
0.002 EPSS
silverstripe/framework is vulnerable to a URL Injection vulnerability. The vulnerability is due to improper encoding of entities in the URL string, specifically in requests coming from Internet Explorer, which allows malicious JavaScript code to be directly inserted into the output content by...
7.4 AI Score
Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be...
7.3 AI Score
OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be...
7.8 AI Score
OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be...
7.6 AI Score
Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be...
7.1 AI Score
MStore API < 3.9.8 - SQL Injection
The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id...
7.7 AI Score
0.001 EPSS
Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...
6.9 AI Score